package com.education.api.config.shiro;

import com.baomidou.mybatisplus.core.conditions.Wrapper;
import com.baomidou.mybatisplus.core.conditions.query.QueryWrapper;
import com.baomidou.mybatisplus.core.toolkit.Wrappers;
import com.education.business.mapper.SystemAdminMapper;
import com.education.common.SpringBeanManager;
import com.education.common.exception.BusinessException;
import com.education.common.util.Md5Utils;
import com.education.common.util.ObjectUtils;
import com.education.common.util.ResultCode;
import com.education.model.dto.AdminUserSession;
import com.education.model.entity.SystemAdmin;
import org.apache.shiro.authc.*;
import org.apache.shiro.authz.AuthorizationInfo;
import org.apache.shiro.authz.SimpleAuthorizationInfo;
import org.apache.shiro.realm.AuthorizingRealm;
import org.apache.shiro.subject.PrincipalCollection;
import org.springframework.stereotype.Component;

/**
 * @author 余一
 * @date 2021/9/13  10:07
 */
@Component
public class SystemRealm extends AuthorizingRealm {
    /**
     * 用户授权
     * @param principalCollection
     * @return
     */
    @Override
    protected AuthorizationInfo doGetAuthorizationInfo(PrincipalCollection principalCollection) {
        AdminUserSession adminSession = (AdminUserSession)principalCollection.getPrimaryPrincipal();
        if (ObjectUtils.isNotEmpty(adminSession)) {
            return this.loadPermission(adminSession);
        }
        return null;
    }

    /**
     * 获取用户权限
     * @param adminSession
     * @return
     */
    private AuthorizationInfo loadPermission(AdminUserSession adminSession) {
        if (ObjectUtils.isNotEmpty(adminSession)) {
            SimpleAuthorizationInfo info = new SimpleAuthorizationInfo();
            info.addStringPermissions(adminSession.getPermissionList());
            return info;
        }
        return null;
    }


    /**
     * 用户认证
     * @param authenticationToken
     * @return
     * @throws AuthenticationException
     */
    @Override
    protected AuthenticationInfo doGetAuthenticationInfo(AuthenticationToken authenticationToken) throws AuthenticationException {
        UsernamePasswordToken token = (UsernamePasswordToken) authenticationToken;
        //获取用户名
        String username = token.getUsername();
        //根据用户名查询是否存在该用户
        QueryWrapper queryWrapper = Wrappers.query().eq("login_name",username);
        SystemAdmin systemAdmin = getSystemAdminMapper().selectOne(queryWrapper);
        if (ObjectUtils.isEmpty(systemAdmin)) {
            throw new UnknownAccountException("用户不存在");
        }else if (systemAdmin.isDisabled()){
            throw new BusinessException(new ResultCode(ResultCode.FAIL,"用户已被禁用"));
        }
        String password = Md5Utils.getMd5(new String(token.getPassword()),systemAdmin.getEncrypt());
        token.setPassword(password.toCharArray());
        return new SimpleAuthenticationInfo(new AdminUserSession(systemAdmin),systemAdmin.getPassword(),getName());
    }

    private SystemAdminMapper getSystemAdminMapper(){
        return SpringBeanManager.getBean(SystemAdminMapper.class);
    }
}
